Malware after rooting my Z5?! - Xperia Z5 Q&A, Help & Troubleshooting

Hi!
I have a problem.
A few days ago I unlocked my bootloader and rooted my Z5.
But since that day my phone has been acting suspiciously. Several times a day Chrome opens and tries to load one of these pages:
Code:
www.doktorenmorten.com/sf5/retarget/kDe23SH7d73jdhsjkf...............
www.empotrndoktor.com.com/sf5/retarget/a3e4e2egt573jdhs34rd...............
www.socketraw.com/sf5/retarget/kDHhd343uhakdhehHGh...............
There are some more variations.
I cannot figure out what the hell is going on.
Yesterday my phone started playing an unknown song on the highest volume in the background. I had to switch it off.
I tried some virus / malware scanner apps. But every one says that my phone has no problems. :/

What method did you use to root?
Sent from my Xperia™ Z5 using Tapatalk

I used this guide.
But I don't think that there is some malware bundled with the mentioned software. I guess that one of my apps (or its advertising library) lurked beneath the surface, waiting to find a rooted system.
Today my mobile acts completely normal.

I'm having exactly the same problem, but on my S6 after root. Any ideas how to fix this? Fed up with web pages being hijacked.

I don't believe this issue is caused by Malware; I have just started experiencing it on my Galaxy Note, which I just installed a CyanogenMod ROM onto, but I have previously experienced it on my Nexus 4, which was not rooted, and which was running totally stock Android KitKat. I've also had a friend complain of the same issue, also on a Nexus running stock.
What version of Android are you running?
I find the issue only happens in Chrome, and that if I delete site data (in Chrome, open: Menu > Settings > Site Settings > All Sites and then go through and delete the data for any sites that look suspicious/that you don't recognise), the problem tends to go away, at least for a while. That, and the fact that it only seems to happen on certain sites (sbmc-comics.com, for instance), leads me to suspect that it's actually some dodgy JavaScript/a cross-site-scripting bug that's to blame.
I've also disabled third-party cookies (in Chrome, open: Menu > Settings > Site Settings > Cookies) so you might want to try that, as well.
Although, that being said, I've never had Chrome open on its own (the sites just hijack pages I've opened), nor has my phone ever spontaneously started playing music.

Dangerous
This might be a big problem. I clicked a link on Facebook in Chrome on Android (not rooted) while waiting for service at an insurance company today, then got called up and forgot all about it. After opening up my phone again at home I noticed that the pay-through-provider website (O2 Germany) was open, with an error message that payment didn't succeed, although I have never used it.
Pay by mobile phone bill
Notice
Dear user of the o2 payment service!
A problem occurred while you were using the o2 payment service.
If you still want to use the paid service, please start the payment process again from the beginning.
Going back in the browser, the page at doktorenmorten dot com
sf4/retarget/kDE24SKK0FUE3P1003V00GEP100J0S030MAN1MQd64005BK700J0S00
came up. The title and the webpage are empty, also doktorenmorten.com doesn't show anything. I looked up doktorenmorten.com within the history of my browser, and it shows with the title of the article I was trying to read before, but the article is actually located on another server (aktualne.cz).
Weird. I hope that it is some kind of a JavaScript hijack. I have now disabled Chrome on my phone and will wait to see what happens. I am pretty concerned, because all SMS verifications are set to my phone; if someone could in theory control my phone, he would be able to access everything. Whether it's an Android or Chrome problem is not important; this is almost a deal breaker with Google for me, because I cannot risk that texts with payment confirmation codes go to an unrooted yet compromised phone.

I think that's not a virus. It's a website (usually caused by clicking miscellaneous ads) that couldn't be pressed back or deleted. I suggest clearing the cache and data of Chrome to get it back to normal.
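Added example, not part of any post in this thread: the URLs quoted above share one path shape (`/sf<digits>/retarget/<token>`) across unrelated hosts, so a history export can be scanned for that shape to list the sites whose Chrome site data the replies suggest deleting. The function names and the one-URL-per-line history format are assumptions; the sample lines are constructed from the URLs as posted, with the truncated tokens left truncated.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path shape shared by the URLs quoted in the thread: /sf<digits>/retarget/<token>
RETARGET_PATH = re.compile(r"^/sf(\d+)/retarget/([A-Za-z0-9]+)")

# Constructed sample of exported history lines (assumed format: one URL per line).
# The flagged hosts and the sf4 path are quoted from the posts; tokens the poster
# cut off with dots stay truncated. The remaining lines are made-up benign entries.
SAMPLE_HISTORY = [
    "www.doktorenmorten.com/sf5/retarget/kDe23SH7d73jdhsjkf",
    "www.empotrndoktor.com.com/sf5/retarget/a3e4e2egt573jdhs34rd",
    "www.socketraw.com/sf5/retarget/kDHhd343uhakdhehHGh",
    "http://doktorenmorten.com/sf4/retarget/"
    "kDE24SKK0FUE3P1003V00GEP100J0S030MAN1MQd64005BK700J0S00",
    "https://www.google.com/",
    "https://aktualne.cz/",
    "https://shop.example/retarget/sf5/help",  # same words, different path shape
    "",
]


def parse_entry(raw):
    """Return (host, path) for one history line, or None if it is unusable.

    Lines copied from a forum post or address bar often lack a scheme, so one
    is added before parsing; a leading "www." is dropped so that both spellings
    of a host are grouped together.
    """
    raw = raw.strip()
    if not raw:
        return None
    if "://" not in raw:
        raw = "http://" + raw
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if not host:
        return None
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path


def find_retarget_hits(history_lines):
    """Map host -> list of (variant, token) for every line matching the pattern."""
    hits = defaultdict(list)
    for line in history_lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        host, path = parsed
        match = RETARGET_PATH.match(path)
        if match:
            hits[host].append(("sf" + match.group(1), match.group(2)))
    return dict(hits)


def sites_to_clear(history_lines):
    """Sorted list of hosts whose site data is worth deleting in Chrome."""
    return sorted(find_retarget_hits(history_lines))


if __name__ == "__main__":
    for host, entries in sorted(find_retarget_hits(SAMPLE_HISTORY).items()):
        variants = ", ".join(sorted({variant for variant, _ in entries}))
        print(f"{host}: {len(entries)} hit(s), variants {variants}")
```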

Related

Help? Particular website access issues from android phone

Hopefully I'm posting this in an ok section. I'm not sure what the issue is, and I'm trying to figure out if this is a software, hardware, provider, or website issue. I am beginning to suspect a software issue though.
I have a stock HTC M8, and as of about 2 weeks ago, I'm having issues logging in to one particular website: http://socialclub.rockstargames.com/ , but ONLY when connected through my wireless provider. The main page loads just fine, but as soon as I hit the sign in button to try to get to the signin page, it hangs for a while, then I get the message "internal error - server connection terminated" .
Here's the thing though: If I try to sign in to the page while connected to a Wifi network, it works just fine, and will continue to work properly even if I turn wifi off, until such time as the page automatically ends my session and I have to log in again. It's just that initial log in that won't work if connected to a wireless network. Also, I can't log out either unless on a wifi connection.
Here's what I tried already:
- Tried to log in using my wife's S4 (also stock rom). No good.
- Tried Chrome and Firefox browsers. Same problem.
- Contacted the website support. They say my wireless connection is too slow. Speedtest says 80Mbps down, 30Mbps up, 31ms ping. Ummm... I'm going to say this isn't the issue.
- Contacted my wireless provider (Telus). They say they haven't made any changes the last couple of weeks.
The only change I've made recently is that I updated Android System WebView. I can't even get a handle on what the heck this app is for (Typical review: "It changed my life! My acne disappeared, and I won the lottery!")
Any ideas? I'm at a loss here....
In Chrome you should check the "request desktop page" option and give it a try
Sent from my SM-G355H using XDA Free mobile app
Sadly, I've tried that as well. No go on any browser.
That's why I figured maybe it was something HTC screwed up with a recent update.
Can you access that login with any other method on your HTC?
Nope. WiFi only. Every other attempt to reach the login page fails. Browser doesn't matter, desktop view is no good, manual or auto login is also useless.
It simply won't load the login page.
I noticed on my desktop that it goes from whatever page you click the login button from, to a log in page, and then back to your original page once you enter your information. It's that transition to and from that login page that seems to be where the issue lies.
I must be in the website you do not need to worry as your droid is safe
Sorry, but you lost me there...
It could be that I lost, but I don't know, coz at some times I have the same problem and it goes away by itself, so I think it's a site problem
I thought that originally as well, but they claim they haven't changed anything and blame my ISP, my ISP claims they haven't changed anything and blames the site...
This is why I'm wondering if it maybe has something to do with android web view or the native browser interfering with the whole system since it started about the same time as I downloaded the updates.
You wouldn't by chance know where I could find an apk for the HTC browser 2 versions ago would you? That way I could remove all updates then install that and at least verify or eliminate a possible cause.
Yes, I can tell you where the default internet browser app is present on your device.
Download and install ES File Manager.
Open it. At the top you will see SD card; tap that. A menu will open. In that menu the first option is / device; select that.
In that, search for the system folder. Inside that you will find many folders, but inside the folders app and priv_app there are the system APKs.
Your browser app will be inside one of them.
Try searching, good luck

[Completed] Audio Adverts when android is sleeping

Hi everyone,
At a bit of a loss here. My gf has a nexus 5 running android 6 and she keeps getting loud adverts playing when her phone is sleeping.
It is intermittent, no set pattern and as soon as the power button is pressed there is no trace of anything.
I have googled excessively and can find no one else who has experienced it.
I have removed lots of her apps that could be suspect but today it happened and I heard it with my own ears. They appear to be targeted ads as it played an audio ad for a national car chip repair service.
Any help or advice welcomed.
Thinking of doing a factory reset of the phone.....
One way to find out which app is causing this is to go to Settings->Apps->Running and see what all apps are listed here.
Try uninstalling the user apps listed here one by one and check if the problem is fixed.
Normally it has to be a Game app or sth. like that.
Cheers.
I tried doing that, and nothing obvious was running. The only thing it claimed was running was Android Web View - which would make sense, the ads are probably JavaScript and HTML5 audio elements, but I could not see what was invoking the web view to open.
I did run a malware scan using Malwarebytes for Android and it ALWAYS crashed when scanning Chrome, even after I cleared the Chrome cache and data. Which made me suspect Chrome was in fact infected.
On a more depressing note, I did end up factory resetting the phone, and did a clean install, and installed her "vital" apps (to make sure it did not restore a "bad" application) and my gf has just alerted me to the fact it has begun speaking to her again! Arrghh.
I would have thought a factory reset would have removed all traces of this thing.
Would it be worth doing (the rather drastic) full factory reset, using the Google-provided factory images and ADB/Fastboot?
Just out of curiosity, does this music play while there is an incoming notification?
The odd thing is there is NO notification at all. You can just hear the advert, and once the screen comes on, there is no sign of it ever happening!
No notifications, no open applications in the app drawer. Very annoying!
Well, that's strange.
The only thing that is left to try is a full reset, as I guess the media is stored somewhere in the internal storage and is played by some adware.
Just back up only the essential folders (like DCIM, Music, etc.) and nothing more from your internal storage prior to a full reset.
That should solve the problem.
Cheers.

Chrome Home Page changed

A few days ago, out of the blue, my homepage in Chrome was changed from https://www.google.com to http://portal.fly2tech.com/?channel=13#!/, without me doing so. So I ran a malware check with Malwarebytes and found nothing, so, better safe than sorry, I started looking at apps. com.android.partnerbrowsercustomizations.example is showing as a normal app, whereas before it was a hidden system app. My phone is running stock MM 6.0.1 with Nov 2016 security patches. Not rooted, with stock recovery. As a precaution I did a factory reset, and everything was fine. Then just about an hour ago it changed again, to the fly2tech portal as homepage. I went into apps and the com.android.partnerbrowsercustomizations.example program was showing again. I selected the three-dot menu in the upper right and clicked uninstall update, at which point I was prompted if I wanted to revert a system app to the previous version. I clicked yes, and it disappeared from apps, back to hidden system app. I uninstalled Chrome just to make sure I was getting a clean copy, and so far no more fly2tech portal. I have fired off a support request to Alcatel. I certainly hope they are not pushing this garbage out to customers. Or there is a vulnerability that needs fixed!!! A Google search has indicated this has happened to one touch devices from all I have seen....
Anybody else having this problem??
Oops, clicking that link crashed a few apps on my Chrome. Weird how that could be an Alcatel thing.
It did it again. I rolled back the system app. They have also pushed an update to their updater app. I have disabled automatic updating of system and system apps; hopefully it doesn't do it again. I called Alcatel support today; they didn't deny it was them, but they created a ticket and will get back with me.
So I just got a phone call from Alcatel support. They are investigating; the guy said they are in touch with the dept in charge of FOTA updates to see if it's something they are pushing or if there is a vulnerability at play. At least they are interested enough to actually call me for details....
Interesting....
That's what has usurped my stock browser for over a month. I set the homepage to google.com but it's always changed autonomously to this portal thing. It's like some mw on Windows doing its job. Weird.
Sent from my 6045K using Tapatalk
At this point I'm convinced Alcatel is pushing the customization, via the system update, and not any malware.... But they have no right to choose my homepage. I have blocked automatic updates to system and system apps so I'm going to run a few days and see if that fixes it...
I'm not sure that is the case, because mine have been disabled since long before this happened...
Sent from my 6045K using Tapatalk
Well the problem has not repeated itself, since disabling automatic system app updates. I'm still waiting to hear back from Alcatel USA. I find it hard to believe they would force a customization on a phone that is not subsidized, and I could be entirely wrong about it being them, regardless if it's them or not, I don't think I should be forced into using a portal that keeps resetting itself to the homepage. If it's Alcatel, they need to stop, if it's a security vulnerability I hope they patch it.
It doesn't make sense. I've checked my updates and found out that I froze the update app in Titanium Backup prior to these homepage changes.
Sent from my 6045K using Tapatalk
Well, I spoke too soon, it has happened again. I guess until I get an answer I'm just going to have to keep uninstalling updates to com.android.partnerbrowsercustomizations.example, which really stinks. If it gets too bothersome I'll just get a new phone
Weird stuff. I'm looking towards note7r
Sent from my 6045K using Tapatalk
So Alcatel wants to send me another Idol 3 and wants to analyze my current phone... I'm glad they are taking this seriously
I have just discovered the same thing on mine. I'm going to freeze com.android.partnerbrowsercustomizations.example in Titanium Backup, and see what happens.
I have to call back the rep from Alcatel US support tomorrow afternoon. They want to examine my phone; not sure how comfortable I am sending my phone back to them. I will remove as much sensitive info as I can, but don't want to strip it bare. I want them to get to the bottom of the problem, but not sure how invasive they will be, but if it helps to stop the problem I guess it's worth it.... They are going to send me another Idol 3 to use while they investigate.... I thought about just doing an OOB restore via Mobile Upgrade Q, but if it's a vulnerability eventually it will creep back up on me. I guess the best bet for all of us is to let Alcatel dissect my phone and determine how they can plug it....
Alcatel can always pull your info anytime, anywhere you have a connection to the internet, as can Google and app developers.. so don't trip, you have already been examined.
Sent from my 6045K using Tapatalk
It's not a "bug" it's intentional. I froze it with Titanium Backup then after a couple of days I removed it completely. No more homepage jacking.
Of course, you must be rooted to do this.
Ok, so Alcatel is acknowledging the issue and has asked that I refrain from making any modifications to the device, including restore via Mobile Upgrade Q. At this point I'm sure someone at TCL has dropped the bomb, but I'm getting the feeling even the US support team knows this isn't gonna fly. If they want to force it, then push your own browser, don't mess with Chrome, I like my settings just the way they are. I'm giving it another week tops, then I shall root and set up my phone where it can't be violated. I can see a phone company forcing customizations on subsidized phones, but not on an unlocked phone bought outright....
So looks like they stopped pushing it...
Should we reset the phone to factory then? Can't they just send an update?

Possible malware infection/network attack while using Facebook app

The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed.
Thank you very much. If you know anything, anything, please let me know, it's very urgent.
Sounds like the warning message Chrome gives. The <b>%1$s</b> is a variable for the website name.
https://security.googleblog.com/2015/02/more-protection-from-unwanted-software.html?m=1
found a couple of other mentions of this
See the image in the following thread. Seems like the download manager shows the warning, so it must be Facebook downloading something from a suspect URL, as you say it happens using Facebook. I don't use the Facebook app. You say it downloaded something by itself, without you initialising; seems dodgy, but it's a monster app as I recall, must be even bigger with more permissions these days!
https://m.imgur.com/a/31Pds5y
ref
https://www.reddit.com/r/FacebookHelp/comments/9vtne6/attackers_on_b_1s_b_download/
been hampering for at least 4mths
https://www.reddit.com/r/androidapps/comments/8zq0fw/mystery_app_update_on_lg_g5_help/
see you have seen this thread also
https://forum.xda-developers.com/android/help/ineed-help-message-attackers-1s-atte-t3868724

Ghost in the Machine

Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts, which as you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around so I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the SMS! Device (on its own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Odin to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3rd-party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for the system's (or rather apps installed from Play Store) proper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel, thanks for the reply
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back as if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
WhatsApp does the same thing, autocompletes the code before the SMS arrives. This is not malware. But, don't use a password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact web pages loaded right up on hers without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like RC cars or BMX related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+
Also the Bluetooth, NFC & Nearby buttons almost any time of the day/night are on for a split second when I drag the notification panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs
